package com.dejavu.c4.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import javax.annotation.Resource;
import javax.sql.DataSource;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    private DataSource dataSource;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/toLogin").permitAll()
                .antMatchers("/index").hasRole("管理员")
                .antMatchers("/").hasRole("管理员")
                .antMatchers("/toIndex").hasRole("管理员")
                .antMatchers("/toTable").hasRole("管理员");
        http.formLogin().loginPage("/toLogin");
        http.csrf().disable();
        http.logout().logoutSuccessUrl("/");
        http.rememberMe().rememberMeParameter("remember");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("wxy").password(new BCryptPasswordEncoder().encode("123456")).roles("管理员")
                .and()
                .withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("管理员")
                .and()
                .withUser("aaa").password(new BCryptPasswordEncoder().encode("123456")).roles("普通用户");

    }
}
